Hacker steals at least 58 million personal records from data management firm

1129714 autosave v1 hackers22
Shutterstock
Hardly a day goes by lately when we don’t hear about a massive data breach. Whether it’s a major retail outlet like Home Depot, an electronic auction service like eBay, or an online services company like Yahoo, no matter where your personal data resides it seems wide open to malicious attack. Research shows that there have been 2,928 publicly disclosed attacks so far in 2016 involving greater than 2.2 billion records in total.

Sometimes, you know that you’re a victim of a data breach, such as when Blue Cross Blue Shield company Carefirst was hacked and over a million records were stolen. Sometimes, however, as with the recent data breach at Modern Business Solutions (MBS), you may not even be aware that the company exists, according to security firm Risk Based Security.

Related: Target data breach forces CEO out the door

MBS is a company specializing in providing in-house data management and monetization services to other companies. If you’re an MBS customer, then you probably don’t even know it, and the 58 million stolen database records could belong to just about anyone.

The hacker who perpetrated the theft is known by the Twitter handle @0x2Taylor, and apparently the stolen data was posted multiple times over the past weekend. The data was quickly removed each time, but it included complete names, IP addresses, dates of birth, email addresses, vehicle data, and occupations. In other words, the data would be incredibly helpful for conducting further, highly individualized attacks such as identity theft.

Perhaps worst, the breach was made possible due to the use of an obvious attack vector. MBS was using an open MongoDB database, and apparently all that was needed for the attack to occur was for the IP address of that database to be communicated online. Rather than informing MBS of the security issue, whoever found the database leaked it to acquaintances instead. From there, the attack was both simple and straightforward.

At this point, there’s some confusion as to the actual number of records that were released. While it’s at least 58 million, it could be as many as 258 million based on an analysis of the database involved. While research is ongoing, it’s entirely possible that we’ll never know exactly how much data was released and who was affected.

Normally we would give various recommendations about being aware of where your personal data is being stored and to respond appropriately to any notifications of a data breach. In this case, there’s not much you can do except invest in a credit and data monitoring service of some sort to make sure you’re generally protected — because you never know when you might be attacked and not even know it.

Business

Apple banned from distributing some iPhone models in Germany

Apple is following the FTC's lead and has sued Qualcomm for a massive $1 billion in the U.S., $145 million in China, and also in the U.K., claiming the company charged onerous royalties for its patented tech.
Smart Home

Amazon Prime members number more than 100 million in the U.S., survey says

Consumer Intelligence Research Partners estimated there were 101 million U.S. Amazon Prime members as of December 31, 2018. Last April, CEO Jeff Bezos wrote there were more than 100 global million Prime members.
Computing

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.
Music

Tidal faces legal jeopardy over fake stream numbers accusation

In another challenging chapter for music subscription service Tidal, Norwegian authorities have begun a formal investigation into charges that the company faked millions of streams for artists such as Kanye West and Beyoncé.
Computing

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.
Computing

Dell XPS 13 vs. Asus Zenbook 13: In battle of champions, who will be the victor?

The ZenBook 13 UX333 continues Asus's tradition of offering great budget-oriented 13-inch laptop offerings. Does this affordable machine offer enough value to compete with the excellent Dell XPS 13?
Product Review

LG Gram 14 proves 2-in-1 laptops don’t need to sacrifice battery for light weight

The LG Gram 14 2-in-1 aims to be very light for a laptop that converts to a tablet. And it is. But it doesn’t skimp on the battery, and so it lasts a very long time on a charge.
Gaming

Take a trip to a new virtual world with one of these awesome HTC Vive games

So you’re considering an HTC Vive, but don't know which games to get? Our list of 25 of the best HTC Vive games will help you out, whether you're into rhythm-based gaming, interstellar dogfights, or something else entirely.
Computing

The Asus ZenBook 13 offers more value and performance than Apple's MacBook Air

The Asus ZenBook 13 UX333 is the latest in that company's excellent "budget" laptop line, and it looks and feels better than ever. How does it compare to Apple's latest MacBook Air?
Computing

AMD Radeon VII will support DLSS-like upscaling developed by Microsoft

AMD's Radeon VII has shown promise with early tests of an open DLSS-like technology developed by Microsoft called DirectML. It would provide similar upscale features, but none of the locks on hardware choice.
Computing

You could be gaming on AMD’s Navi graphics card before the end of the summer

If you're waiting for a new graphics card from AMD that doesn't cost $700, you may have to wait for Navi. But that card may not be far away, with new rumors suggesting we could see a July launch.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

With a reported launch in 2019, AMD is focusing on the mid-range market with its next-generation Navi GPU. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Computing

Cortana wants to be friends with Alexa and Google Assistant

Microsoft no longer wants to compete against Amazon's Alexa and Google's Assistant in the digital assistant space. Instead, it wants to transform Cortana into a skill that can be integrated into other digital assistants.
Computing

Microsoft leans on A.I. to resume safe delivery of Windows 10 Update

Microsoft is leaning on artificial intelligence as it resumes the automatic rollout of the Windows 10 October 2018 Update. You should start seeing the update soon now that Microsoft has resolved problems with the initial software.